Modern society has produced a wealth of data to preserve for the
long term. Some data we keep for cultural benefit, in order to make
it available to future generations, while other data we keep because
of legal imperatives. One way to preserve such data is to store it
using survivable storage systems. Survivable storage is distinct
from reliable storage in that it tolerates confidentiality failures
in which unauthorized users compromise component storage servers,
as well as crash failures of servers. Thus, a survivable storage
system can guarantee both the availability and the confidentiality
of stored data.

Research into survivable storage systems investigates
the use of m-of-n threshold sharing schemes to
distribute data to
servers, in which each server receives a share of the data. Any m
shares can be used to reconstruct the data, but any m - 1 shares
reveal no information about the data. The central thesis of this
dissertation is that to truly preserve data for the long term, a
system that uses threshold schemes must incorporate recovery protocols
able to overcome server failures, adapt to changing availability
or confidentiality requirements, and operate in a decentralized
manner.

To support the thesis, I present the design and experimental
performance analysis of a verifiable secret redistribution protocol
for threshold sharing schemes. The pro- tocol redistributes shares
of data from old to new, possibly disjoint, sets of servers, such that
new shares generated by redistribution cannot be combined with old
shares to reconstruct the original data. The protocol is decentralized,
and does not require intermediate reconstruction of the data; thus,
one does not create a central point of failure or risk the exposure
of the data during protocol execution. The protocol incorporates
a verification capability that enables new servers to confirm that
their shares can be used to reconstruct the original data.